EDIT:
We have a couple of cipher puzzles on this site which use primitive, simple ciphers like Caesar, Bacon and substitution ciphers, and some of these puzzles combine them.
This made me wonder about combined ciphers and what that means for various identification routes in general. The question, however, might be more suitable for crypto.stackexchange.com (as pointed out by Kevin) and a partial answer to my question can be found here (thanks, dmg).

The main motivation for posting this general question at P.SE is the following problem:

How could a cipher puzzle be made more resistant against brute-force tools while at the same time staying a solvable puzzle for the human brain?

I think/hope that the solution could be to use two ciphers, one of which is rather weak but requires a keyword. It is rather easy to have a keyword hidden in text so that it is easily recognized by a human, but not by any algorithm. Hence, brute-forcing would only partly help, but it remains a fair puzzle for humans.

Think of a clever puzzle with some cipher to be cracked. The clear text of this puzzle reads something like "HTEWD SADISDA OASD KLASD NOW USE THE NUMBER BEFORE TWELVE AS KEY FOR SUBSTITUTE ASD ASD ASD ASDADFDFSD" and only applying the second cipher with "eleven" as key gives the clear text. That should be rather straight forward for humans, but rather difficult for brute-force.

It is obvious that any keyword or key (prime) requiring encryption becomes stronger with the length of the keyword/key and that 32bit encryption is way less secure than 64bit encryption etc.

The one thing, which hasn't become clear to me is the following: I assume that brute-force decryption methods work by applying 'random' keys and validating the 'decrypted' message towards some measurement for "clear-text". This being true, isn't multi-encryption with different ciphers more difficult to crack, than applying the same cipher with a longer key?

Or to ask the same another way:
Assume I have some cipher which depends on a key and becomes more difficult with longer key. Let's call this the outer cipher. Now assume I have a another cipher - rather a simple one - which destroys some fundamental text parameters like letter-frequencies and word-lengths. Let's call this the inner cipher.

Even if one has a brute-force method for decryption of the outer cipher - can it even be applied if there is no knowledge of the inner cipher?

Applying this in praxis: "How much security is gained by double-encrypting a text with a simple cipher before using a strong cipher - compared to only using the strong cipher with a longer key?"

$\begingroup$I flagged this question for closure because it looks like you're more interested in cryptography than cryptograms. I suggest you ask this question on crypto.stackexchange.com or edit your question to make it more clear why it is about puzzles in particular.$\endgroup$
– KevinDec 16 '14 at 8:02

$\begingroup$@Kevin I'm okay with this. I posted it here, because we've seen a couple of "double-encrypted" ciphers here on site, which prompted my question. I'm not deep into cryptography, only in puzzles ;c) The questions would be better placed at Crypto.SE, but then the point was double fold: Get an answer for myself & have the P.SE community be aware of it at the same time. But CTV is fine with. My bad.$\endgroup$
– BmyGuestDec 16 '14 at 10:05

2

$\begingroup$@Kevin I have made an edit which should explain the scope for this question better.$\endgroup$
– BmyGuestDec 16 '14 at 10:21

2 Answers
2

Image captchas are currently the most brute-force resistant means of asking or confirming information. One could use images to depict a short message. You could also ask the decoder to take the first character of the names of each of the images. For more clarity, you could use a limited dictionary of about 1000 words or so. As long as you use a different image for the same word/character, you cannot be cracked by a computer.

$\begingroup$That looks more like steganography to me, a message is hidden in the curves of the image. There does not appear to be any method to brute-force steganography, as the hiding can be done in any number of ways.$\endgroup$
– March HoJan 8 '15 at 16:34

$\begingroup$As far as I know, a computer does not care what character set is used in a brute force attack. Because of this using a different character set might actually make it harder for a human cryptanalyst, while doing nothing to a computer, brute force attack$\endgroup$
– DarthRubikAug 4 '16 at 0:29